South Korean data breach linked to an insider

An employee at a credit ratings firm is alleged to have sold the personal data of up to 20 million people to marketing firms

An employee at a credit ratings firm in South Korea is alleged to have sold the personal details of up to 20 million South Koreans to marketing firms in a classic example of the insider threat.

A temporary consultant at the Korea Credit Bureau (KCB) has been accused of stealing sensitive customer information from its servers – including names, social security numbers and credit card details – according to a statement from the Korean Financial Supervisory Service (FSS).

The information was taken from the internal servers of KB Kookmin Card, Lotte Card and NH Nonghyup Card. Regulators have launched investigations into security measures at the affected firms, the FSS said.

“The vast potential damage that can be caused by an abuse of internal user privileges has been seen time and time again,” said Matt Middleton-Leal, regional director, UK & Ireland at security firm CyberArk.

He said organisations routinely grant powerful privileged accounts and credentials to their employees and contractors, but this leaves them vulnerable if they do not have proper control and monitoring capabilities.

“In the case of the alleged breach in South Korea, the fact that the individual was reportedly able to access and then sell on vast quantities of customer information is very worrying,” said Middleton-Leal.

“It should not be the case that an employee – and in this case a temporary consultant – is able to access and then download sensitive data without this suspicious activity being flagged up.”

Middleton-Leal said that, while this appears to be a classic example of the "insider threat", the threat from within can include the accidental misuse of privileged access.

It can also include the abuse of these privileged accounts by cyber attackers, who immediately seek out these credentials once inside a corporate network in order to steal information or plant malware.

“A breach of customer data can spell disaster for a business, due to the loss of customer confidence, revenue and the possibility of severe financial penalties,” said Middleton-Leal.

Business risk

Keith Bird, Check Point’s UK managing director, said data leaks by employees or trusted partners are still one of the biggest risks facing companies.

“So if a trusted person chooses to harvest and leak a large amount of data, the damage can be severe, in terms of remediation costs, fines from regulators and loss of reputation. Trust is a precious commodity, and it is all too easily exploited.”

Rob Cotton, chief executive at information assurance firm NCC Group, said this breach demonstrates the threat that an employee poses, no matter how robust an organisation’s internet-facing security is.

"A robust organisational security posture is a blend of staff vetting, technical countermeasures, separation of duty and monitoring for egregious abuse of access, legitimate or otherwise," said Cotton.

“Only by taking this blended approach can organisations hope to detect and minimise the impact from such attacks.”

According to Cotton, stopping motivated malicious employees is almost impossible while still continuing to benefit from the efficiency gains seen by the use of computing resources.

“As a result, it becomes a matter of risk minimisation, through the use of holistic countermeasures, such as keeping administrative privileges to a minimum,” he said.

1 comment

Comprehensive employee monitoring, which includes privileged users, provides an immediate and ongoing deterrence factor, plus the detection and alerting of potential threats and then the contextual detail to replay who did what and when.